We are dedicated to renewing America by continuing the quest to realize our nation's highest ideals, honestly confronting the challenges caused by rapid technological and social change, and seizing the opportunities those changes create.

Government Vulnerability Management

Promoting Transparency, Accountability, and Cybersecurity

Event

When

Dec. 11, 20183:30 pm - 5:15 pm

Where

New America740 15th St NW #900 Washington, D.C. 20005

Countries around the world are struggling with questions surrounding governments’ acquisition, assessment, use, and management of software and hardware vulnerabilities. When may governments retain a vulnerability for exploitation by law enforcement or intelligence agencies instead of disclosing it for repair?

One year ago, in November 2017, the White House finally released an unclassified version of the U.S. Vulnerabilities Equities Process (VEP) Charter—a document that outlines how the administration weighs the cybersecurity need to disclose vulnerabilities for repair against the equities of law enforcement and intelligence agencies who seek to exploit these vulnerabilities. However, the Charter is only policy, not law, and does not provide robust accountability measures. This past August, the German think tank Stiftung Neue Verantwortung (SNV), as part of the Transatlantic Cyber Forum, released a paper urging the adoption of publicly disclosed policies for vulnerability handling and disclosure in the German and EU debates, while continuing to identify and advocate for further improvements to the existing process in the United States. The paper urges that “The focus of these policies should be on ‘when’ and ‘how’ disclosure should occur rather than ‘whether’ and ‘if.’”

Please join New America’s Open Technology Institute (OTI), Mozilla, and SNV for an in-depth conversation about where we stand in the United States and internationally one year after publication of the U.S. VEP Charter.